Ransomware Attacks Target Small Business

2020-02-25 02:14 PM, by Cavan Kelly

A visit to a legitimate, but compromised, website.

A mistyped web address.

A single click.

Each of these actions could result in your files being encrypted by ransomware.

Ransomware is here to stay, at least until the next extortion tool comes along. Why? Because it's been effective in separating victims from their cash. The encryption methods are strong and the chances of recovering your files without payment are slim. For a time, even the FBI recommended simply paying the ransom. Fortunately, that ridiculous advice was quickly retracted, though it is still often quoted in the media. In 2016, an estimated $1 billion USD was paid. By mid-2019, the average ransomware demand had climbed to over $36,000 USD and approximately 15% of victims paid up in an attempt to recover their data. The good news is that an estimated 96% were able to recover as much as 93% of the data.

What can be affected?

Any data on an infected computer is liable to be encrypted. If you use sync tools for services like Dropbox, Google Drive, or OneDrive, those files can be encrypted as well. The same goes for network drives, be they on Windows servers, Samba servers, or NAS boxes: if the user has write permissions, the files can be encrypted. Many companies employ a shared drive that all users can access, so a single infected machine can affect data for the entire organization.

What you should be doing to protect your data

Deploy a Next Generation Firewall

A Next Generation Firewall (NGFW) or Unified Threat Management device should protect every computer network. These devices inspect traffic on the wire to allow, or deny, entry to or exit from your network. By monitoring traffic in both directions, an NGFW can prevent malware from getting in, or prevent malware that has gotten in from communicating with its command-and-control centre.

Install Anti-malware with Endpoint Detection and Response (EDR)

Signature-based anti-virus products simply aren't up to the task of protecting endpoints in today's environment. While modern anti-malware products do employ a signature recognition system, they also monitor behaviour, watching for applications that don't just look like malware but act like malware. The better products in this group will detect malicious behaviour and kill the rogue process. The best of them will actually roll back the damage.


Educate your Employees

Your employees are your last line of defense. Make sure they know not to click on unexpected attachments, that they know how to verify that an email link is genuine, and that they are aware of company policies regarding bank accounts and money transfers.

Employ the Principle of Least Privilege

Every employee should have all the permissions he requires to perform his job, and no more. Users should not have admin rights to their PC. If they do, every application they run also has admin rights, and that is dangerous.

Have Frequent Backups (and test them)

Follow the 3-2-1 backup methodology.  You should have three copies of your data, on two different media, and one copy should be offsite. Test your ability to recover from backup media on a regular basis.

If you follow all of these recommendations, the odds of experiencing a data disaster will be low and, should you still get hit, you'll have the best chance of recovery. 
